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(57)Abstract; 

PROBLEM TO BE SOLVED: To provide an 
access management system and a managing 
method for a smart card, which give an 
authentication permission to each application 
■~jj^(procesB) in regard to accesses by a plurality of 

^Uapplications. 

~1 jiSOLUTION: The applications 21 including a 
plurality of pieces of access processing to the 
smart card make an exclusion acquisition 
request to an exclusion control mechanism 11 at 
the time of making an access request to the 
smart card 22 in each, access processing and 
requests access to an access control mechanism 
12 when the applications 21 obtain exclusion. 
The mechanism 12 requests an input of a PIN(personal identification number) when the 
concerved appUcation 21 is not authenticated, and allows the application 21 to access 
the smart card 22 when the application 21 has already obtained authentication. The 
application 21 performs exclusion acquisition request/release in an access processing 
unit. 



CLAIMS 



[Claim(s)] 

[Claim 1] It is the access control system of the smart card which manages access to the 
smart card by two or more appheations. K the logical channel [ finishing / a logical 
channel / exclusion acquisition ] exists in this smart card with other applications to the 
exclusion acquisition demand to the smart card from application As opposed to the 
access request to said smart card from the exclusive control means made fimishiag 
[ exclusion acquisition of this application ] and the application [ finishing / application / 
exclusion acquisition ] The access control system characterized by equipping the 
application [ finishing / apphcation / this exclusion acquisition ] with an access-control 
means to permit access to this smart card when the appUcation [ finishing / application / 
this exclusion acquisition ] is already attested from this smart card. 
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[Claim 2] Said exclusive control means is an access control system according to cla im 1 
characterized by registering into a queue the application which performed this 
exclusion acquisition demand if the logical channel [ finishing / a logical channel / 
exclusion acquisition ] does not exist in this smart card with other applications to the 
exclusion acquisition demand to the smart card from application. 

[Claim 3] Said access-control means is an access control system according to claim 1 or 2 
characterized by refusing the demand of this application when having not attested the 

application which gained said exclusion from said smart card to said access request. 
[Claim 4] Said access-control means is claim 1 characterized by changing the 
application [ finishing / apphcation / authentication ] into un-attesting by this ******** 
smart card when said smart card is extracted from a smart card reader thru/or an 
access control system given in any 1 of 3. 

[Claim 5] Said apphcation is claim 1 characterized by giving said exclusion acquisition 
demand to said exclusive control means at the time of initiation of each access, and 
carrying out the notice of discharge of exclusion to said exclusive control means at the 
time of termination of this access of each when carrying out multiple-times access at 
said smart card thru/or au access control system given in any 1 of 4. 
[Claim 6] Said exclusive control means is an access control system according to claim 5 
to which this smart card is characterized by supposing finishing [ exclusion acquisition 
of the application which registers into a queue the application which performed this 
exclusion acquisition demsuid when it was already exclusion acquisition ending, and is 
registered into said queue to the notice of discharge of the exclusion from said 
apphcation ] with other appHcations to the exclusion acquisition demand to the smart 
card from apphcation. 

[Claim 7] Said access-control means is claim 1 to which this authentication discharge is 
characterized by requiring authentication discharge of this smart card by this smart 
card at the tune from the last apphcation [ finishing / the application / authentication ] 
from apphcation to the notice of authentication discharge of a smart card thru/or an 
access control system given in any 1 of 6. 

[Claim 8] It is the share approach of the smart card which manages access to the smart 
card by two or more apphcations. If the logical channel [ finishing / a logical channel / 
exclusion acquisition ] exists in this smart card with other apphcations to the exclusion 
acquisition demand to the smart card irom application As opposed to the access request 
to said smart card firom the apphcation [ finishing / fimshing / exclusion acquisition of 
this application / is supposed and / application / exclusion acquisition ] The share 
approach characterized by pennitting access to this smart card to the application 
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[ finishing / application / this exclusion acquisition ] when the application I finishing / 
application / this exclusion acquisition ] is already attested firom this smart card. 
[Claim 9] The application are the application contain two or more access processings hy 
one smart card, or its library, carry out an exclusion acquisition demand to two or more 
access processings, respectively at the time of initiation of this access processing, give a 
discharge notice in exclusion and carry out carrying out an authentication demand to 
the smart card carry out this access processing only at the time of processing of the 
beginning of the access processings of said plurality as the description at the time of 
termination of each access processing, respectively, or its library. 

[Claim 10] When used by the information processor Ln which two or more applications 
carry out juxtaposition actuation, If the logical channel [ finishing / a logical channel / 
exclusion acquisition ] exists in this smart card with other apphcations to the exclusion 
acquisition demand to the smart card from application As opposed to the access request 
to said smart card fi^om the application [ finishing / finishing / exclusion acquisition of 
this appKcation / is supposed and / application / exclusion acquisition ] When the 
application [ finishing / appHcation / this exclusion acquisition ] is already attested from 
this smart card. The record medium which said information processor which memorized 
the program to which it makes it carry out to said information processor to permit 
access to this smart card to the application [ finishing / application / this exclusion 
acquisition ] can read. 

[Claim llj When it performs with the information processor in which two or more 
applications carry out juxtaposition actuation. If the logical channel [ finishing / a 
logical channel / exclusion acquisition ] exists in this smart card with other apphcations 
to the exclusion acquisition demand to the smart card firom application As opposed to 
the access request to said smart card from the application [ finishing / finishing / 
exclusion acquisition of this application / is supposed and / apphcation / exclusion 
acquisition ] The program to which it makes it carry out to said information processor to 
permit access to this smart card to the application [ finishing / application / this 
exclusion acquisition 1 when the application [ finishing / application / this exclusion 
acquisition ] is already attested firom this smart card. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 
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[Field of the Invention] This invention relates to the access control of the smart card at 
the time of [ which is depended on two or more processes of the data on a smart card ] 
sharing. 
[0002] 

[Description of the Prior Art] The use to various fields fi:om the data of a very bi^ 
capacity being memorizable as compared with the magnetic card used conventionally 
etc. is considered, or the smart card is put in practical use. 

[0003] Moreover, since the smart card equips the interior with CPU with memory and is 
accessed to the data in memory through this CPU, by making authentication processing 
perform to CPU at the time of access, high security nature can be reaUzed compared 
with the conventional magnetic card, and this point also serves as a merit of a smart 
card. 

[0004] The smart card has a security function by PIN (Personal Identification Number), 
and collates PIN by this function, and only when attested, controlling to be able to 
access the confidential information in a card is possible. The authentication by this PIN 
is the so-called password input method, the user using a smart card enters a password 
as PIN, and it compares within the password which has memorized this in a smart card, 
and a card, and when in agreement, access to an in-house data is permitted. 
[0005] Access to a smart card is performed through the logical channel which a smart 
card has, and an authentication demand is given to a logical channel. And the smart 
card holds the conditions about security, such as an authentication condition by PIN, for 
every logical channel of this. 

[0006] Drawing 15 shows the logical construction inside the smart card seen fi-om 
application. Within the smart card, data are managed by the configuration of a tree 
structure and DF (Dehcated File) is prepared in the unit for every appKcation used for 
the lower layer of DIR in the most significant etc. And in each DF, EF (Elementary File) 
holding actual data is stored. In case data are accessed firom a smart card, after 
application sends the positioning information which shows the location of the data 
accessed first and moves an access location to the target EF, it performs the 
readout/writing of data from the EF. Moreover, each chaimel holds the current access 
location as status information. 
[0007] 

[Problem(s) to be Solved by the Invention] The usage which uses a current smart card 
for coincidence with two or more applications is examined. For example, when the PKE 
(Public Key Instructure) system which used the pubhc key cryptosystem as the base is 
built and two or more apphcations are working by computer on this system, it is 
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considered as one operation of a current smart card that each application uses a smart 
card for the security authentication by a digital signature etc. 

[0008] In this case, two or more applications on the computer which connected the 
smart card will share a smart card. And since the number of the logical channels which 
one smart card has is about at most two, when making much applications access to the 
same card, the need that two or more applications share one logical channel comes out. 
For simplification of explanation, the following explajxation in a **** specification is 
premised on one application consisting of one process, is synonymous with a process and 
uses the word "application." Usually, although one application consists of one process in 
many cases, if application is replaced with a process and considered even when it 
consists of multiple processes, the following explanation is fundamentally the same. 
[0009] By the security method of the present smart card, if PIN authentication is 
performed to a logical channel with one application and an access permission is 
obtained, from the logical channel, not only the apphcation that received authentication 
but other applications will be able to be henceforth accessed until authentication is 
canceled. 

[0010] If it considers sharing the same information on one card, between two or more 
applications from a viewpoint of security, the direction will become firmer [ security 
level ] having performed authentication by PIN for each application of every. However, 
in the access control to the present smart card, since authentication is performed for 
every logical channel and an authentication condition (was the access permission given 
or not?) is held at each logical channel, when two or more application's share one logical 
channel, if one application performs authentication by PIN and obtains an access 
permission, access of other apphcations to a card from the logical channel will be 
attained, without receiving authentication by PIN. 

[OOll] Moreover, when two or more applications share a logical channel although the 
writing/readout of data are performed after transmitting positioning information to a 
logical channel and moving an access location in case each apphcation accesses the data 
in a card as mentioned above, as for each application, grasp of the access location of 
KABENTO becomes difficult. 

[0012] In view of the above'mentioned trouble, this invention makes it a technical 
problem to offer the access control system and management method of the smart card 
which gives authentication authorization to each application (process) of every to access 
by two or more applications (process) by carrying out unitary management of the 
authentication condition to a smart card. Moreover, let it be a technical problem to ofGer 
the access control system and management method which are realized without 
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enlarging the overhead according authentication of each application (process) of every 

to authentication processing. 

[0013] 

[Means for Solving the Problem] In order to solve the above-mentioned trouble, the 
access control system of the smart card by this invention manages access to the smart 
card by two or more applications, and is equipped with a exclusive control means and an 
access-control means. 

[go 14] A exclusive control means will presuppose finishing [ exclusion acquisition of this 
application ], if the logical channel [ finishing / a logical channel / exclusion acquisition ] 
exists in this smart card with other appUcations to the exclusion acquisition demand to 
the smart card from application. Moreover, the above-mentioned exclusive control 
means registers into a queue the application which performed this exclusion acquisition 
demand, if the logical channel [ finishing / a logical channel / exclusion acquisition ] does 
not exist in this smart card with other applications to the exclusion acquisition demand 
to the smart card from application. 

[0015] An access-control means permits access to this smart card to the application 
[ finishing / application / this exclusion acquisition ], when the application [ finishing / 
appHcation / this exclusion acquisition ] is akeady attested from this smart card to the 
access request to the above-mentioned smart card from the application [ finishing / 
application / exclusion SLcquisition ]. Moreover, an access-control means requires the 
input of PIN of this appHcation, when having not attested the application which gained 
the above-mentioned exclusion firom the above-mentioned smart card to the 
above-mentioned access request. Authentication of the smart card by each application 
was performed through this access-control means, and the access-control means grasps 
the authentication relation between each application and a smart card. 
[0016] According to this invention, since exclusive control to a smart card is performed 
by the exclusive control means, even if it shares a smart card with two or more 
applications, authentication for every application is enabled. 

[0017] Moreover, it is judged by the access-control means whether it is finishing 
[ authentication of the appHcation which performed each access request ], and since an 
access permission is given without performing authentication processing when it is 
authentication ending, the count of authentication processing is reducible. 
[0018] 

[Embodiment of the Invention] One operation gestalt of this invention is explained 
below, referring to a drawing. In order to give authentication authorization for every 
application, it controls exclusively to a smart card (it is a logical channel when a smart 
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card has two or more logical channels), and while one attested application is using the 
smart card, the application needs to monopolize a card (or logical channel), and needs to 
inhibit access fix»m other appHcations. In addition, with the following operation 
gestalten, each smart card is taken as a configuration equipped with one logical chaimel 
for explanation simplification. In addition, when a smart card is equipped with two or 
more logical channels, exclusive control explained below is performed per logical 
channel. 

[0019] Drawing 1 establishes a exclusive control device and shows the case where the 
exclusive operation of the application which accesses a smart card is performed. In 
drawing 1 , in case the exclusive control device 11 is established between two or more 
apphcations 21 and a smart card 22 and access is required from a smart card 22, each 
apphcation 21 performs an exclusion acquisition demand to this exclusive control device 
11, and the apphcation 21 with which exclusion was obtained accesses it by 
monopoHzing a smart card 22. The exclusive control device 11 of this drawing has 
managed the exclusion to access to two cards of Cards a and b. And three applications, 
an application 1, an apphcation 2, and an application 3. 21 have published the access 
request to Card a, and the exclusive control device 11 is considered as exclusion 
acquisition to the application 1 of them, and it changes other apphcations 2 and 3 into 
the waiting state until Card a is released. The application 1 which gained exclusion 
performs the readout/writing of data, after performing PIN authentication to the logical 
channel of Card a. The apphcation 21 besides during this period cannot be accessed to 
Card a. If processing of an apphcation 1 is completed and Card a is released next, the 
apphcation 2 which is in the waiting state will gain exclusion, and wiU access the data 
inside backward [ which performed PIN authentication to Card a ]. Thus, by 
estabhshing the exclusive control device 11, only one application which received 
authentication can be accessed to a smart card, and authentication for every application 
21 can be realized. 

[0020] Since in the case of the method by the configuration of this drawing 1 this smart 
card 22 is monopolized by this application 21 while one apphcation 21 is using the 
smart card 22, other applications 21 will be in a waiting state until exclusion is canceled 
and a smart card 22 is released. Therefore, by this method, the parallel processing 
engine performance of two or more applications is bad, and user-fiiendhness worsens 
very much " the apphcation in a waiting state is visible to the condition of having 
suspended long period processing and having hung-up. 

[0021] There is a method which releases in detail the smart card 22 which application 
21 monopoHzed as what avoids this when the access processing to a smart card 22 was 
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completed. By this method, when application 21 includes the access processing to the 
multiple-times smart card 22, exclusion acquisition / release to a smart card 22 are 
performed to the exclusive control deAiice 11 for every access processing, and exclusive 
control is divided into eye the top. 

[0022] The example of the exclusion acquisition / release to the smart card of each 
application by this method is shown in drawing 2 . This drawing is what shows the 
example of access processing to the smart card of each appHcation when three 
apphcations, an application 1, an application 2, and an application 3, 21 publish an 
access request to Card a like drawing 1 . As for arrowhead ** from the exclusion 
acquisition demand in the exclusive control device 11 from each application 21, and the 
exclusive control device 11, arrowhead ** to the exclusive control-among said drawing 
device 11 shows the notice of the exclusion acquisition to each application 21 from the 
exclusive control device 11. Moreover, PIN authentication processing according [ a 
shadow area ] to each application 21 and a half-tone-dot-meshing part show access 
processing to a smart card 22. 

[0023] When the application 21 which gained exclusion cancels exclusion and does not 
release a smart card 22 until all processings are completed, an application 2 will be in a 
waiting state further to the location of 33 which processing completes [ the application 1 
which hELS already gained the exclusion to Card a ] firom the location of 31 in drawing 2 
which gave the exclusion acqviisition demand on Card a to the exclusive-control device 
11 until processing of this application 2 completes an appHcation 3 from the location of 
32. However, since another application 21 to the period of which exclusion was canceled 
when appHcation 21 divided exclusive control into eye the top for every access 
processing, as shown in this drawing can access Card a, the period which wOl be in the 
waiting state for exclusion acquisition, and processing stops becomes short, and the 
paraUehsm of processing improves. 

[0024] Thus, if exclusive control is changed frequently, the period of the waiting state of 
each appHcation will become short, and the parallehsm of processing wUl improve. 
However, as shown in the slash section of drawing 2 , each appHcation wiU need to 
perform setup/discheurge processing of an authentication condition at every change, and 
the overhead for it will become large. Moreover, since PIN is transmitted in case 
re-authorization of authentication is obtained, each appHcation 21 will continue holding 
PIN and also produces the problem on security. In order to avoid this, if it is the 
configuration as which a user enters a password at every authentication processing, the 
overhead of authentication processing wiH become large further. 

[0025] The configuration which took this point into consideration to drawing 3 is shown. 
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With the configuration of drawing 3 , the exclusive operation of the application 21 with 
which the exclusive control device 11 accesses a smart card 22 is performed, 
establishing an accessor controller 12 between two or more apphcations 21 and a smart 
card 22 in addition to the exclusive control device 11, and carrying out unitary 
management of the authentication by the smart card 22 of each application 21 
according to this accessor controller 12. 

[0026] In case each application 21 requires access fi:om a smart card 22, if it performs an 

exclusion acquisition demand to the exclusive control device 11 first and exclusion can 
be gained, it will request the authentication to a smart card 22 from an accessor 
controller 12 next. And if authentication is acquired, the data in a smart card 22 will be 
accessed. 

[0027] An accessor controller 12 has an authentication status management table, and 
the authentication condition of each application and a smart card 22 is managed about 
between after apphcation 21 makes initiation declaration of the authentication to a 
smart card 22 using this authentication status management table untU it notifies 
discharge of authentication. 

[0028] Drawing 4 is drawing showing the example of a configuration of an 
authentication status management table, the table which uses an authentication status 
management table in order that the exclusive control device 11 may manage fi:om which 
smart card 22 each application 21 has acquired authentication now - it is ■- an 
application - identification information and attested card information are matched and 
memorized, an application - what cannot operate application with this general 
identifier is used by not memorizing an identifier [ meaning / for identifying each 
application 21 ], for example, identification information is added to each process at a 
process generate time, and the process ID which the kernel has managed is used for it. 
Or it is good also as a configuration whose accessor controller 12 carries out sequential 
generation addition of the identifier to the application 21 which performed the access 
request to access to a smart card. 

[0029] Drawing 4 has illustrated the case where the authentication condition of each 
application 21 over two smart cards 22 of Cards a and b is managed, and the card with 
which the application 21 is attested as attested card information to each application is 
recorded. In addition, the part of a blank shows that the smart card [ finishing / to the 
apphcation / attested card information / a smart card / authentication ] does not exist, 
this drawing - an application 1 Cards a and b - finishing [ both authentication ] - an 
application 2 and an apphcation - finishing [ each n / un-attesting and an application 3 / 
a card a / authentication ]. 
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[0030] Each application 21 performs access to the authentication and the smart card 22 
to a smart card 22 through an accessor controller 12. If there is an access request ficom 
application 21 to a smart card 22, if the application 21 investigates whether it is 
authentication ending to the smart card 22 which carried out the access request and has 
not attested to it with reference to an authentication status management table, the 
demand firom apphcation 21 will be refused, and the input of PIN will be requiced of 
application 21, and authentication processing with a smart card 22 wiH be performed. 
Moreover, if the application 21 is authentication ending, since application 21 has 
already obtained authentication authorization of the smart card 21, access to a smart 
card 21 will be permitted and it will be performed. 

[0031] Drawing 5 is drawing having shown the flow of processing of the apphcation 21 
at the time of application 21 performing access to a smart card 22, the exclusive control 
device 11, and an accessor controller 12. This drawing makes the example the case 
where an apphcation 1 accesses to Card a, and 1-23 under following explanation 
correspond with the number in drawing 5 . 

1) An apphcation 1 performs an exclusion acquisition demand to the exclusive control 
device 11 in order to perform exclusion initiation to Card a. 

2) lb the demand &om an application 1, the exclusive control device 11 investigates 
whether there is any application [ finishing / exclusion acquisition ] to Card a, and if 
other applications have already gained, it wiU register it into the queue of the waiting 
for exclusion. Moreover, if it is not exclusion acquisition settled, exclusion acquisition 
will be notifLed to an application 1. 

3) An application 1 makes access initiation declaration to Card a to an accessor 
controller 12. 

4) An accessor controller 12 registers an application 1 into an authentication status 
management table to access initiation declaration. And the input request of PIN is 
performed to an application 1. In addition, when the apphcation 1 is making access 
initiation declaration to Card b, since the apphcation 1 is already registered into the 
authentication status management table, it is not necessary to register it into an 
authentication status management table again by the access initiation declaration to 
Card a. 

5) An application 1 demands the input of a password from a user, specifies PIN from a 
user's input, and requires the authentication to Card a. 

6) The exclusive control device 11 notifies PIN to Card a, and makes an authentication 
check perform on Card a. 

7) If authentication is acquired as a result of the authentication check according [ an 
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accessor controller 12 ] to Card a, an application 1 will register that it is authentication 
ending into an authentication status management table at Card a. 

8) An application 1 requires read'out/writing of the data to Card a firom an accessor 
controller 12. 

9) To read-out/write request £rom an application 1, an authentication status 
management table is searched, and if an application 1 is authentication ending, it wiU 
access the attested card a to Card a. If it has not attested, an error will be notified to an 

application 1. 

10) When one access processing is completed and it cancels monopoly of Card a, an 
application 1 notifies discharge of exclusion to the exclusive control device 11. 

11) The exclusive control device 11 deletes the exclusion acquisition to the card a of the 
application 1 registered, and if there is application 21 otherwise registered into the 
queue of the waiting for the exclusion to Card a, it wUl register exclusion acquisition of 
the apphcation 21. 

12) An application 1 performs processings other than the access processing to Card a 
after discharge of exclusion. Since the exclusion of Card a is released in the meantime, 
other applications 21 can use Card a. 

13) An application 1 wiU give an exclusion acquisition demand to the exclusive control 
device 11, if the need for access to Card a arises again. 

14) finishing [ it iavestigates again whether the exclusive control device 11 has 
apphcation / finishing / exclusion acquisition / to Card a Kke 2 to the demand from an 
application 1, and / other applications / exclusion acquisition ] already - it is not - if " 
notify exclusion acquisition to an application 1. . 

15) An application 1 requires read -out/writing of the data to Card a firom an accessor 

controller 12. 

16) An accessor controller 12 performs the again same processing as 9. Since it is 
registered into the authentication status management table by 7 at this time that an 
apphcation 1 is authentication ending at Card a, card a hair KUSESU is performed as it 
is. The processing for a count [ 10-16 ] of the access processing to the card a in an 
apphcation 1 is repeated henceforth. 

17) If aU access processings are completed, an apphcation 1 will notify discharge for the 
authentication to Card a to an accessor controller 12. 

18) An accessor controller 12 deletes information [ finishing / card a authentication ] 
firom the application 1 of an authentication status management table. 

19) An accessor controller 12 wiH require authentication discharge of Card a, if an 
authentication condition is held and the application 21 attested stops existing untH the 
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application 21 otherwise attested by Card a stops existing in the authentication status 
management table 13. Thereby, the count of authentication processing with the same 
smart card is reducible, 

20) An application 1 notifies the access termination to a smart card 22 to an accessor 
controller 12. 

21) If the notice by 20 is received, an accessor controller 12 will delete an application 1 
from an authentication status management table. When the application 1 has not ended 

access yet to other smart cards 22 at this time, an application 1 is not deleted from an 
authentication status management table. 

22) An apphcation 1 notifies discharge of the exclusion of Card a to the exclusive control 
device 11. 

23) The exclusive control device 11 performs the again same processing as 11, and 
cancels exclusion. 

[0032] Drawing 6 is drawing showing the processiog to the smart card of each 
application by the configuration equipped with the exclusive control device 11 and 
accessor controller 12 of drawing 3 . This drawing has shown processing of the same 
application 21 under the same premise as drawing 2 for the comparison. As compared 
with drawing 2 , it is only that each application 21 is performing authentication 
processing according drawing 6 to PIN at the time of the access processing initiation to 
the very first card a, and discharge processing of the authentication at the time of the 
very last access processing termination to Card a as authentication processing, and the 
authentication processing for every access processing to the card a which was being 
performed is omitted by drawing 2 . Therefore, as for each apphcation 21, the part 
processing time to which authentication processing was abbreviated becomes short. 
Moreover, the period when the period which monopohzes Card a will also be in the state 
waiting for a part since only the part from which authentication processing was 
excluded becomes short is short, and each application 21 may end. Furthermore, since 
each apphcation 21 should perform PIN authentication over a smart card 22 only once 
first, if authentication is acquired from a card, it can cancel PIN. 

[0033] Dravting 7 is a flow chart which shows processing of the application 21 which 
accesses a smart card 22 by this system. In addition, although the device in which these 
processings are performed can also be considered as the configuration which gives 
application 21 directly, a general configuration talses the gestalt which realizes these 
processings as a library and includes this library in each apphcation 21. 
[0034] In case application 21 accesses a smart card 22, it requests exclusion acquisition 
to the exclusive control device 11 first (step Si), and waits for the response from the 
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exclusive control device 11. Consequently, processing will be ended if there is a notice of 
a purport which cannot gain exclusion from the exclusive control device 11 by a certain 
reason (steps S2 and NO). 

[0035] K there is a notice of an exclusion acquisition success from the exclusive control 
device 11 to a request of exclusion acquisition (steps S2 and YES), initiation declaration 
of access to a smart card 22 will be made to an accessor controller 12 as step S3 next. 
[0036] Access to this smart card 22 is access to the non-attested smart card 22, and 
since the authentication to a smart card 22 is required, when the input of PIN is 
required from an accessor controller 12 (step S4, YES), it checks by sending the 
password which the user entered as PIN as step S8 to an accessor controller 12, and 
requesting authentication processing. Processing is ended, if are attested as a result 
(step S9, YES), and processing wiU. be moved to step S5, it will access to a smart card 
and it wiU not be attested (step S9, NO). 

[0037] In step S4, since the further authentication processing does not have the need 
when this access is access to the smart card 22 which has already acquired 
authentication (step S4, NO), access to a smart card 22 is permitted as step S5, and 
read-out/writing of data are performed. 

[0038] Tfermination of access processing of step S5 makes termination declaration of 
access to a smart card 22 to an accessor controller 12 as step S6. And as step S7, 
discharge of the exclusion to the smart card 22 is noti£ed to the exclusive control device 
II, and the access processing to a smart card 22 is ended. 

[0039] Drawing 8 is a flow chart which shows processing of the exclusive control device 
11 over the exclusion acquisition demand from appHcation 21. If the exclusion 
acquisition demand to a smart card 22 from apphcation 21 is, the exclusive control 
device 11 will judge whether it is exclusion acquisition ending as step Sll with the 
apphcation 21 of others [ smart card / 22 / of which exclusion acquisition was required ] 
already. If exclusion acquisition by the apphcation 21 besides the result is not performed 
(steps Sll and NO), it registers as finishing [ exclusion acquisition of the smart card 22 ], 
exclusion acquisition is notified to the apphcation 22 which required, and processing is 
ended. 

[0040] Moreover, if other appHcations 21 are exclusion acquisition ending at step Sll 
(steps Sll and YES), this exclusion acquisition demand wUl be added to the waiting 
queue for exclusion as step S12, and processing wiU be ended. 

[0041] Drawing 9 is a flow chart which shows processing of the exclusive control device 
11 over the notice of discharge of the exclusion from application 21. If the notice of 
discharge of the exclusion from appHcation 21 to a smart card 22 is received, the 
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exclusive control device 11 will delete the registration as step S21 the application 21 of 
whose has been exclusion gained, and wiU cemcel exclusion. 

[0042] And the waiting queue for exclusion is investigated, and if the apphcation 21 
which serves as waiting for exclusion to the smart card 22 of which exclusion was 
canceled exists (steps S22 and YES), after registering the exclusion acquisition to the 
smart card 22 of the application 21 registered into the head of the waiting queue for 
exclusion and dispatching a smart card 22, and if waiting does not exist in the waiting 
queue for exclusion {steps S22 and NO), processing is ended as it is. 
[0043] Drawing 10 is a flow chart which shows the processing of an accessor controller 
12 to the access request to the smart card 22 from application 21. To the access 
initiation declaration fcom application 21, as step S31, an accessor controller 12 
registers apphcation 21 into an authentication status management table, and registers 
an access request process to a smart card 22. 

[0044] Drawing 11 is a flow chart which shows the processing of an accessor controller 
12 to the access request to the smart card 22 ftom application 21. As for an accessor 
controller 12, with reference to an authentication status management table, the 
application 21 investigates whether it is already authentication settled &om the smart 
card 22 of the access request point as step S41 to the access request £rom application 21. . 
Consequently, if it is already authentication ending {steps S41 and YES), since the 
further authentication does not have the need, an access permission is notifled to 
apphcation 21 as step S45. 

[0045] If the apphcation 21 has not acquired authentication yet (steps S41 and NO), 
since it is necessary to perform authentication processing at step S41, the input of a 
password is required of apphcation 21 as step S42, and the authentication check by PIN 
is requested to a smart card 22. Consequently, if authentication is acquired from a 
smart card 22, an access permission will be notified to apphcation 21 as step S45 and 
authentication will not be acquired (steps S43 and NO), access disapproval is notified to 
application 21 and processing is ended. 

[0046] Drawing 12 is drawing showing the structure of a system which uses the smart 
card in this operation gestalt. The access control system 40 which manages between the 
apphcation 41 in this operation gestalt and smart cards 42 is constituted between the 
smart card reader 43 and the library 44 of each apphcation 41, and is reahzed in the 
form mounted in OS as one function of OS. 

[0047] Application 41 performed altogether the authentication processing and access 
processing to a smart card 42 through this access control system 40, and the access 
control system 40 grasps the exchange between each application 41 and a smart card 42. 
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Moreover, if the condition of the smart card reader 43 is also grasped, for example, a 
smart card 42 is extracted from the smart card reader 43, the access control system 40 
investigates an authentication status management table, and if there is application 
which the card makes finishing [ authentication ], it will change it into un-attesting. 
[0048] In addition, although the access control system 40 has composition which has 
separately the exclusive control device 11 and an accessor controller 12 in the interior, 
these are also reahzable as one functional component. Moreover, on security, since two 
or more apphcations share an accessor controller and a exclusive control device, if it 
realizes in the kernel of OS, they can improve security more. 

[0049] Drawing 13 is the system environment Fig. of an information processor when a 
computer program realizes the access control of the above-mentioned smart card in this 
operation gestalt. The information processor which mounted the smart card like 
drawing 13 CPU51, ROM, I/O devices (I/O) 54, such as main storage 52, an auxihary 
storage unit 53, a display, and a keyboard, LAN and WAN by RAM, The network 
connection equipments 55, such as a modem which performs other information 
processors and network connections by a general circuit etc., a disk, It had the smart 
card reader 58 which the medium readers 56 and 1 which read the contents of storage 
from the portable record media 57, such as a magnetic tape, thru/or plurality are, and 
mounts the smart card 59, and these are equipped with the configuration mutually 
connected by the bus 60. 

[0050] Moreover, in the information processing system of drawing 13 , the program and 
data which are memorized by the record media 57, such as a magnetic tape, a floppy 
(trademark) disk, CD-ROM, and MO, with the medium reader 56 are read, and this is 
downloaded to main storage 52 or a hard disk 55. And each processing by this operation 
gestalt can be reahzed by software, when CPU51 performs this program and data. 
[0051] Moreover, in this information processor, exchange of apphcation software may be 
performed using the record media 57, such as a floppy disk. Therefore, this invention 
can also be constituted as a record medium 57 in which computer read^out for operating 
the gestalt of operation of above-mentioned this invention as a computer is possible, 
when used not only by the access control system and the share approach of a smart card 
but by computer. 

[0052] In this case, as shown in drawing 14 , the memory CRAM or hard disk) 75 grade 
for example, within the portable record medium 76 in which desorption is possible to the 
medium driving gears 77, such as CD-ROM and a floppy disk (or you may be MO, DVD, 
a removable hard disk, etc.), the storage means 72 (database etc.) in the equipments 
(server etc.) of the exterior transmitted by network circmt 73 course, or the body 74 of 
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an information processor 71 is contained in a "record medium." The program memorized 
by the portable record medium 76 and the storage means (database etc.) 72 is loaded to 
the memory 75 within a body 74 (RAM or hard disk), and is performed. 
[0053] (Additional remark l) It is the access control system of the smart card which 
manages access to the smart card by two or more applications. If the logical channel 
[ finishing / a logical channel / exclusion acquisition ] exists in this smart card with 
other applications to the exclusion acquisition demand to the smart card from 
application As opposed to the access request to said smart card from the exclusive 
control means made finishing [ exclusion acquisition of this application ] and the 
application [ finishing / application / exclusion acquisition ] The access control system 
characterized by equipping the application [ finishing / application / this exclusion 
acquisition ] with an access-control means to permit access to this smart card when the 
appKcation [ finishing / application / this exclusion acquisition ] is already attested firom 
this smart card. 

[0054] (Additional remark 2) Said exclusive control means is an access control system 
given in the additional remark 1 characterized by registering into a queue the 
application which performed this exclusion acquisition demand if the logical channel 
[ finishing / a logical channel / exclusion acquisition ] does not exist in this smart card 
with other applications to the exclusion acquisition demand to the smart card fi:om 
application. 

[0055] (Additional remark 3) Said access-control means is an access control system the 
additional remark 1 characterized by refusing the demand of this application when 
having not attested the application which gained said exclusion firom said smart card to 
said access request, or given in 2. 

[0056] (Additional remark 4) Said access-control means is an access control system the 
additional remark 1 characterized by managing the authentication relation between 
application and a smart card using the process ID of this application thru/or given in 
any 1 of 3. 

[0057] (Additional remark 5) Said access-control means is an access control system the 
additional remark 1 characterized by changing the application [ finishing / application / 
authentication ] into un-attesting by this ******** smart card when said smart card is 
extracted firom a smart card reader thru/or given in any 1 of 4. 

[0058] (Additional remark 6) Said application is an access control system the additional 
remark 1 characterized by giving said exclusion acquisition demand to said exclusive 
control means at the time of initiation of each access, and carrsdng out the notice of 
discharge of exclusion to said exclusive control means at the time of termination of this 
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access of each, when carrying out multiple-times access at said smart card thru/or given 
in any 1 of 5. 

[0059] (Additional remark 7) Said exclusive control means is an access control system 
given in the additional remark 6 to which this smart card considers supposing finishing 
[ exclusion acquisition of the application which registers into a queue the apphcation 
which performed this exclusion acquisition demand when it was already exclusion 
acquisition ending, and is registered into said queue to the notice of dischai^e of the 
exclusion from said application ] as the description with other applications to the 
exclusion acquisition demand to the smart card from application. 

[0060] (Additional remark 8) Said access-control means is an access control system the 
additional remark 1 to which this authentication discharge is characterized by 
requiring authentication discharge of this smart card by this smart card at the time 
from the last apphcation [ finishing / the application / authentication ] from apphcation 
to the notice of authentication discharge of a smart card thru/or given in any 1 of 7. 
[0061] (Additional remark 9) It is the share approach of the smart card which manages 
access to the smart card by two or more apphcations. If the logical channel [ finishing / a 
logical channel / exclusion acquisition ] exists in this smart card with other apphcations 
to the exclusion acquisition demand to the smart card from application As opposed to 
the access request to said smart card from the apphcation [ finishing / finishing / 
exclusion acquisition of this apphcation / is supposed and / apphcation / exclusion 
acquisition ] The share approach characterized by permitting access to this smart card 
to the application [ finishing / application / this exclusion acquisition ] when the 
apphcation [ finishing / apphcation / this exclusion acquisition ] is already attested fi:om 
this smart card. 

[0062] (Additional remark 10) The apphcation are the apphcation contain two or more 
access processings by one smart card, or its librarj', carry out an exclusion acquisition 
demand to two or more access processings, respectively at the time of initiation of this 
access processing, give a discharge notice in exclusion and carry out carrying out an 
authentication demand to the smart card carry out this access processing only at the 
time of processing of the beginning of the access processings of said plurality as the 
description at the time of termination of each access processing, respectively, or its 
hbrary. 

[0063] (Additional remark 11) The Hbrary of the apphcation are the hbrary of the 
apphcation contain two or more access processings by one smart card, carry out an 
exclusion acquisition demand to two or more access processings, respectively at the time 
of initiation of this access processing, give a discharge notice in exclusion, respectively 



18 



at the time of termination of each access processing, and carry out carrying out an 
authentication demand to the smart card carry out this access processing only at the 
time of processing of the beginning of the access processings of said plurality as the 
description. 

[0064] (Additional remark 12) When used by the information processor in which two or 
more applications carry out juxtaposition actuation, If the logical channel [ finishing / a 
logical channel / exclusion acquisition ] exists in this smart card with other apphcations 
to the exclusion acquisition demand to the smart card from application As opposed to 
the access request to said smart card from the application [ finishing / finishing / 
exclusion acquisition of this application / is supposed and / application / exclusion 
acquisition ] When the application f finishing / application / this exclusion acquisition ] 
is already attested from this smart card, The record medium which said information 
processor which memorized the program to which it makes it carry out to said 
information processor to permit access to this smart card to the apphcation [ finishing / 
application / this exclusion acquisition ] can read. 
[0065] 

[Effect of the Invention] According to this invention, since exclusive control to a smart 
card is performed, even if it shares a smart card with two or more applications, 
authentication of each application unit is enabled. 

[0066] Moreover, since authentication processing is performed only when it will be 
judged whether it is finishing [ authentication ] and the smart card will not have 
attested the application if application performs an access request to a smart card since 
unitary management of the authentication relation between each application and a 
smart card is carried out, the count of authentication processing can be reduced and the 
overhead by authentication processing can be made small. Moreover, since 
authentication processing by PIN is performed only at once first, application does not 
need to continue holding PIN and can aim at improvement in security level. 
[0067] Furthermore, access of a smart card is attained among two or more attested 
apphcations, with an authentication condition held. Moreover, application can shorten 
the waiting state period for exclusion acquisition. Therefore, the parallelism of 
processing can be improved and compaction of the processing time of each apphcation 
can be aimed at again. 
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19 



fPrawin^ l1 It is drawing showing the configuration at the time of establishing a 
exclusive control device and performing the exclusive operation of access to a smart card. 
[Drawing 2] It is drawing showing the access processing to the smart card of each 
application at the time of the configuration equipped with the exclusive control device. 
[Drawinsr 3l It is a block diagram at the time of establishing a exclusive control device 
and an accessor controller. 

[Drawing 4] It is drawing showing the example of a configuration of an authentication 
status management table. 

[Drawing 5] It is drawing having shown the flow of processing of the apphcation at the 
time of application performing access to a smart card, a exclusive control device, and an 
accessor controller. 

[Drawing 6] It is drawing showing the access processing to the smart card of each 
application at the time of the configuration equipped with the exclusive control device 
and the accessor controller. 

[Drawing 7] It is the flow chart which shows processing of the application which 
accesses a smart card. 

[Drawing 8] It is the flow chart which shows processing of the exclusive control device 
over the exclusion acquisition demand fi:om application. 

[Drawing 9] It is the flow chart which shows processing of the exclusive control device 
over the notice of discharge of the exclusion fix)m application. 

[Drawing lOl It is the flow chart which shows the processing of an accessor controller to 
the access initiation declaration to the smart card from application. 

[Drawing 11] It is the flow chart which shows the processing of an accessor controller to 
the access request to the smart card from application. 

[Drawing 12] It is drawing showing the structure of a system which uses the smart card 
in this operation gestalt. 

[Drawing 13] It is the system environment Fig. of an information processor. 
[Drawing 14] It is drawing showing the example of a storage. 
[Drawing 15] It is drawing showing the logical construction inside a smart card. 
[Description of Notations] 

11 Exclusive Control Device 

12 Accessor Controller 
21 41 Application 

22, 42, 59 Smart card 
40 Access Control System 
43 58 Smart card reader 
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51 CPU 

52 Main Storage 

55 Auxiliary Storage Unit 

54 I/O Device 

55 Network Connection Equipment 

56 Medium Reader 

57 Portable Storage 

60 Bus 

71 Information Processor 

72 Storage Means 

73 Network Circuit 

74 Body of Information Processor (Computer) 

75 Memory 

76 Portable Record Medium 



* NOTICES * 

JPO and INPIT are not responsible for any 
danages caused by the use of this transiation. 

1. This document has been translated by computer. So the translation may not reflect 
the original precisely. 

2. **** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 
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mre^m.Wr:f')'T-i^ny\t?i]:i<DX-h^m^ 

t§= §77°U-5^->'5ytcj;?>Xv-F;^j-F(?)^|E 
fiil®7^5'-feXW^g^fflLT?Tfcn. T^'a.X^m 

77"U^r->'3>tZV-F:^-Fi; ©^11 M 30 

[0 0 16] ^p:|gH^tcj;nti. SWM^gCjcD. X 
^- F F fcMt 

7:/'; ^-i^ 3 >t:: J; o T7;t- F ^- F^ftffl L T 
#7yy ^-S^3 >«©SSE^RJtg tt^o 
[0 0 17] ffc 7^^zXW=^igfcj;(9. §7^-fe 

40 

[00 18] 

Bffi^#Mt.*;&"«5Mt5o #7:?'';'5r-s^3y 

-F (X'7-F*-FA«®!IS^^^>yV%feo## 

ocD7^U >3 y*U^- F;&- F^fgffl LTV^§ 
r^. ^<07:/uy— >3>^)^;fr-F (^U<ti:iia5^^ 
^*SU m>7-f^}'r-i^^yfi'^<D7^'tx 
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^m-r:\i.^7.^-Yf!~ Fiiiaf-^-^^/V^ i 
S^tf^c n^X-v'-F*-F*^^ii#a^t#>;l/^lt 

[0 0 1 9] H 1 ti. gPMffllS^^^it, X^" F* 

- ]i\z7 '7^7.t^7^^)'T~yB yfDmmmm'j^ 
m^^m. Eim itifc<D7^u^— >3y2 1 
hT.^- F A- F 2 2 (omnMmmmm 1 1 *stt> 

XV-FA"F2 2t)ltLT7^-fe7.^SiR'r5|^. # 

7:^yar->/3y2 ifitoSPfliiMWSi uznLx 
Sffl&l^^^m^. gpto^#&nft7:/u-ir^v/3y 

2 1*^ 7.V-F*-F2 2^^LT7e'-feX*fT 
5o HH^Mf'JWSl lti*-Fa. b©20©* 

7:/y K 77°'J 2S.tf7'/U 3CD3 0©77°U^-V' 
3^2 lA^A-Fat?#LT7i'-feXSAR%?l^7LTfe 

swjiiiigi ia^©^-^cD7yy ifc^ifLTS^ 

«#tU ffi077'U2S:!:f3aA-Fa;6«Sn 
ii. A- F a 0^Sia9^-V#>;l/tcMUT P I 
V'r-PayZHt. ti-VaicnLT7^'t7.t^C 

tmm^\ 7^v 1 (om^^T a- f a 
S[-r5t, '^c, #-et(caii;a-3Tv^s77°'j2*^^ffa 

*-Fat*tLTP I NfliEJ&^T^;fe^F^a5 

cDT-^fti:7^'-fexi-s, cmimmmmmi i* 

^tj-SCttJicfcD, ^iiE^§{j-ftl-:J£07:^'J'5^-'>3 
y©?^Xv- F*- FtJtt LT7 ^'-trX'T^ t i:;&^as 

[002 0] il©gl£Dffifigfcct5:&iS©^^, iO© 
7yV^-y3yZ lA^X'7-F*-F2 2^«fflLT 
'.'^^ Ps^ 'I ©XT- F F 2 2 il ©77°iJ ^^-S^ 3 y 

2 U'l#:t$n?.©T\ ftk©77"ij^-v'3y2 HiSf 
fi:^)m*nx-7-F;fj-F2 2AW?nS^l'#-& 

3 y ©M?ijjQffi'tttOT < . % m^'m\-c h^7^^) 

fr-va y\t^^,MWmmtX,X)<y'f7v 7htc 

[0 0 2 1] c:n^|i!ig'r5fe<7)i:LTf±. 7/y'>-- 
i/^yz lAUv-F;4f-F2 2'\©7^'-trX^!ia*'^ 
7-r 5 t^S LTV^fcXV- F K 2 2 ^jl-^iKt 

:s:^A^fe:So ^(ot^-^it. 7yy^-e/3y2 

mifilXT-F;?3-F2 2te^-r57^'^X^fia^^£f 

^7^'zmm.mmmmmm \ itsbTx 

T- F*- F 2 2^©gPflk»lf/»SS[^fTV\ 

[0 0 2 2] 0 2 c©7^^EJ:S#7yy'>-— yg 
y©XT- F F'NCSMff/mofy^S^t. M 
HtJ. HI i:^«7^y U 7yy 2&tf7yy 3©3 
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6 (om i fiMWS« 1 1 B#7:/U ^— > 3 > 
V^-iy^y 2 1 1 is p I N^,iEj!!M, JB&itSP^^ti 
[0023] gfffi%a# bfc7-/U ^r-S/ 3 y 2 1 10 
2^mb&!&^o:feJi^, 7:^U2fig»J®S^l 1 

S*^ S . gttc A - K a 'xCSKfi^aii L T l/^ ^ 7 U 1 

A^ia^j^^T-rs 3 3 (Dimtx\ m^r^^j s tis 2 
©ffis*^c>ci®7y'; 2mmi}'^%jt^'^'(!^mm 

i^|:fl!lWtSnfciaF^{CStJ(D7:^U^-5^3y2 1 

^)^;^J-Ka^c7^'•fex1^5(:^l*^^B?fe5©•^^^ ffffil# 20 

[0 0 2 43 cmic. Mmm^m^m^^t. 

t^^)T\ ^7:/y'^— >'3>2 lA^p I Y^^m\.w. 

[0 0 2 5] m^izccD§.^^!gLrcmm^to as 
©SfiSm agt©7:^';'>--~>3>2 1 Jixv-hx? 
- F 2 2 (ofSK. mimmmm 1 1 t^iia^7^'txfijffl; 

ffiffil2^Stt. C(D7i'-tX|iJW«l 2Cj;or^ 
7;/,j^_,>3>-2 lcDX-7-h;d-K2 2fc<t5ElE 

F 2 2 fi:7^?-feXt57*/U'y— >3 >'2 1 ©SP»a 40 

[0 0 2 6] #7:/U^r-e/a>'2 l{iXV-h;«7-F 

2 2 F^tDT-^}i:7^'-feX-f §0 

[0 0 2 7] 7^'-bxft!ijMffii zmmmmm^- 
> 3 > 2 1 ^i^xv- F ^j- F 2 2 ^(Dmmmm. 50 



§7/y a y i:XT- F*- F 2 2 ^©ilSEttl 
[0 0 2 8] 0 4 f±. l[iIEmitar-7";P©ffig!cM^ 

v' 3 >' 2 1 A^iis ^©x V- F A- F 2 2 mmm 
feoT. ciDmm. -m7yv'r-iy3yi}'^m 

D^,E|l^§o j^St/^ii. X'^-F:^;"F^7^'-tX'\© 
7^^iXS3<vHTo?c77°U^r-S/3 y2 1 tS*LT7 
^^-feXSiJ«« 1 2«lJ?^lii^M#[IbTt*<S 

[0 0 2 9] il4ti:^J-Fa, b0 20cr)X-7-F:tr- 
F2 ziLMt^^7yV'r->'3yz KDWSAm^'S 

WMm^T]- F'iS t bT%(D7 7°U ':r->' ay 2 Iff 

- FiiW/2ffl©SP$3H±, ^©7 /'J :/tc^L 
EE^?*^fc*-pTV^5XV- F*- F>6^#ffiL*t.^c i: 
^Sto HElT'ti, 7:;^>; ISA-Fa, bffi:??*^ME 

5^2)^, 7:;^U2. 77^Unt±^/^•fn^>*mS. 77"U3 

[0 0 3 0] ^77'U'y-'>'3>'2 UJ, XV-F:^;- 
F 2 2 E^-rSEIERtfXV-F*- F2 2'\©7^'-fe 

x»7ir^xmmmi z^frbxn^a 7:fv^-y 

syz l^^&X-7-F;?J-F2 2'\^07^?^rXS^^l^t 

Eiiitwa^-7;vm^ur^o7:^y'^- 

-> 3 y 2 1 A^7<^^IXS*L/cX■7- F F 2 2 

lEi^^^ § E 9 ^^^is-^. B (f 7 -Jr- 
^3^2 i*^s©ssit^g»L. ^rc7:/';^^-y3y 

2 ICP I N©A^J*B5fcL.TXV-F*-F2 2i:cD 
EIB!La=£ff5» Sfcs ^©77'J^r->^3y2 
iE^3itiS:6(f7/ijy-^^3 ^2 Uiffiti:^©xv-F 
F 2 1 ©EEfFRr^#TV^;50T'XV- F*- F 2 

i'\©7^'-tx^fFRrb. mt^. 

[0 0 3 1] iI5t±7yU'5^-i^3y2 l:«)Uv-F:?J 
-F2 2'\07^7-bx:£ff5l^©, 7f^)'r~'yBy2 

1 , gfffi$ij»M 1 1 ms7^'t7.mw% 1 2 ©ma 

<m.n^7rshTmxh^. |Hl0{i77'U l^j^'^-Fatc 
MUT7i^'fex;&tT51-&^Mt:L,r^3f3, SfeJ-XT© 

mm^(Dl) -2 3) aH5 43©#^^lM^5LTV^^. 

1) 77U wtts-Y &-\<Dnmw\^^mfc^. m% 

2) 7y'J lA>5©M*{c*fU Hi, 
A- F a ttj^ L0f«^©7:/'J y— >3 §;6> 
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3) 7/'; ISi. 7^-trXW«l ZJc^-Ka'x© 1 7) ^7^^rXMaA^^71-§i:7:/U 1 1±. 7^-fe 



4) 7i?t^|fi$&lMtMt7^'-fe;^aWSl 2ti. 1 8) 7'7'(LJ.'m^%\2\t. ^tEK^ffSx-:^;!^ 

77U 1 £ p I Nox;f:S:d^^ff do NaT^y i jb^A- 1 9 ) y^'cLTMWm 1 2 fi. ^lE^^gSr-:^;!^ 

Kbfcfe7i''feX|§§&aH*fToTVi5Jt^a; 7:^y l 3^^:fi!^^c*-^'afi:^iE^nTl^57•/y'^— >3> 

5 ) 7^'; 1 tta-f fc-'Uy- KOA}^^IEL. - Fi^<DffiEEMacD@M'fJM"r5 n t^Wk^. 

'^(DXtt^ib? I N^ii£Lr;!7-h*a'\©^ii^g:ys 2 0) 7:/'; 1 r^^xmmmi zK7.-^-vi3 

tSo -F2 2'\tO7i'^X||7^aj0t5= 

6) 1 1 A- F a tj5f bP I N^sjfl 2 1) 2 0) xmmm^tT^'uxmmm 1 2 

U A-FaEllE5^x7i'^fffe^S„ f±^,tittMWST— 7:/';i*»-r5o C 

7) r^'irxmmi Zit. ;?;-Fatj:§^gEg^x ©^7/U 1 ^)^*©XT-FA-F2 2£S>fUTa$f£ 

yi^com^. mmm^nm. mm^mmr-f/i' 7^-tx%ll7LTv^§;^,^l^^il[l^^^tar-7;^ 

fi:7:/U l*^j5r-Fatc^iE^SiiT'$5clfc^S^-r 20 A^&7:/i; 1 ^«L;S:V\ 

2 2 ) 7 />; 1 ttSffa»«« 1 1 C A- F a QMtm 

8) 77°'; I a7i^'feXM«S 1 2 icML. F a )i^*aftii-§o 

'xOr-^cMS^tBL/tfiii^^^^S^I-S, 2 3) p«J«a 1 Hi, 11 ) tra^^iiM^ 

9) 7:/'; 1 f>BmmL/mT^m-MKMu mw. m\ ^^^ii^So 
'jmmT-:r}V^mu jzfv iswm-Fa [0032] ^esi. msmmmmmi imr^ 

{tESEJ§3i*6tf*-FalE:*tLT7i'-feX^1t5. * -frXfiJWilSl zm^r!:mmcX^^7-/V^-'y3 

mB^£<bl£. 7:/'J 1 tx^-%a^at5= y©7Lv-F:«;-F'\O5!m^a^'r0T?«So Riafi, 

10) \ -0(07 ir^mwf ^7 L:^-¥3immm mtorcmztmi^wmonr^omy-fv^-^^B 
m^^-^i^. 7fv 1 1 1 mmm y 2 1 ©jjM^s^Ltfes, 0 e ^gi 2 tm.t^ 

1 1) Ui, aiS2nTi/^57^'J 1© ^P]cO;^7'-Fa'\^D7^'■feXW?ifeEf©P I N£j:5^ 

F a tM-rsmW^f JItL, A- F a 'n© HEMffii:. -#ft!g(D7 ^^-bXM^7^t-A- F a '\ 

Mf#-e'04^a-Kl^^nTV>§7:''y^r— >3y2 cDMiEtDM^i2La^fT^Tl/^§0^^-f?. HZ-f^afT-^r 

1 mni,t^<07f'} ^-"y 3^21 (DSffiSa^^S® h^tcf3~ F a -\©^7^^?7,^!lSfei^g|iEMa*^'tlS$ 

tlTV^So =fcoT^7:^U^-i^3y2 Hi^.|iE®a^)^ 

I 2) im^iSm 77°U lti:^J-Fa'\iD7^'-feX tSi&*n/c53-j!aa^fl^)^^< ^i>o ^fc«-7:/';^-^> 

®aJ-X^CDffia^lT5= C©F^. :^J-Fa€)|fffi^^SSc 3^2 1*\ *-Fa^W#l>Tl/^^fflF^fel!IiEffia:6^ 

Lz\^^(Dxm77')'r-yayz \m-'^a^^ m-^hrc^mm<^£?>(ox\ ^(D^w^^tr^m 

c tm^^o mm< x-tmmm^^o w>t^7:fv ^-y 3 y 

1 3 ) 7zrv 1 f±, us*- F a '\07^-b7:i?)iE^>&^ 40 2 1 a, XV- h :iE)- F 2 2 tcj^r S P I mmmi 

i:, 1 1 mmm^moc 1 1 ^tfiv^o^, FA^sESEs^iatin 

1 4) yyv 1 ft^6©S*(E:*tL, PWiJWffi 1 1 {± if VI mmt?> t tS^ffiJ^So 

2) fc^a ^r-Fa£MbSfM#?^®7:/'jy-e/ [0 0 3 3] 07t4, *5/XrAfC<J: ?J XV- F*-F 

3 yA^#§*^Sgl'^. afcffi©7^'; -5— > 3 yA^SP 2 2 f<:7i^-feX^^T5 7^y ^-y 3^21 ©M^^^ 

ffia^^T^JtWl 7^U 1 fcSMI#§ffi*q1-§o 1-7 n-^^-F ^Ctl^Cffla^ff^SS^ 

1 5) 7yvut7^^mmmmi 2[^5^u ^-f 7/';^r-y3y2 leng^ft-iirsi^ttsiitt* 

1 6) 7^^xmmi 2it. wms) tmmmm <Dy4y'yv^^7^v^~yByz ncm^mm 

l>&^A-Fa{cg,iE?f?ii-eS§£:i:!6M$nTV^§© 50 [0 0 3 4] 77'y'>-— ^ 3 > 2 Hi, XV-F*-F 



(7) #12 0 0 2- 1 5 7 5 5 4 

11 12 

(Xr^T'S 1) . 1 2 1 ©^P«#iS^*®S^^imLTM%P^t5o 

is^ h (y^mc-mo. ^m^. ^mmmm wi^^m [0042]^ \.x^\m%-^3.-^m^. ^mif-wm 

(Xr-y^S 2. NO) , M^IITtSo 57y'J^->'3 1 IfmLtm. Ur-y^S 2 

[0 0 3 5] #W#©feS£Jtb, MW^l 1 2. YE S) . ^M#-5^a-©5tS£Sg^nTt.^§ 

ii-^m{mmm<mm-Mm (xr>yys 2, ye 7:/y'jr->'3y2 i©^-0XN'-h;{7-K2 2'\©ip 

S) , :k\t.7.Tvf^ 3 tLT. 7^^-feZ»*ISl 2 fl6!i#%lSl.TXV-h*-H2 Zi&T^^'X/^yg^L 

fC7.V-hA-K2 2^07^'-lrX©lJesW^fT5o ^ SftgPfik^-54^^-K#-&A«batjn{f (X 
[00 3 6] i:(DXV-h:^j-K2 2'\(D75^-feX*^* 10 Ty:/S2 2, NO) ^©Sf. Ma^SUtSo 
^>IE£DXT-h;&-F2 2'\(D7^'-feXT'feD. [0043] ^lOli. 77'U^r->'3 y 2 D&^BOX 

bA-K2 2^0i!IE!b^je^S:fci67^5'-trXWillll •7-h;!j"-K2 2^©7^^-bXg*fc)t>tt57^'"lrX^J 

2^)^5P I N©A;'3^g*?nfeB# CXr^y^S 4. Y ®lt|)il 2£Dma*^-r7a-^-^-h-r-S§= 77°U 

ES) . Xx-y:^S SfcLTP I Ni;LTa-WA* 'r-V^Vl l;ii^&tD7^^-feXll^f&MtMU 7^^r 

L^:/U7-K^7^-feXM««l 2{^3MoT. EIE XMfflffiSl 2ti. Xx-y^S 3 1 ilLT. ^^lEt^llt 

mm^mmm^tjoo ^m^mm^nm (xx ax^7';i'tc7yu^r-i/3y2 i^sslt, x^- 

7:/S 9. YES). jail^Xr^yS St^LTX^ h*-K2 2ti:MLr75'irXS5K:/p-bXJ£^t 

-h*-F^7^-kxL, mm^-timm (x^-yT" 

S9. NO) , mmMi'ft^o [0 0 4 4] HI lit. 77'J^r-.v'3>'2 1*^6©X 

[0 0 3 7] X^'yyS4tte^^T, il®7^'^X« 20 v-h;^-K2 2'\©7i'-feXSjRfi:S!t1-§7^-feXfglJ 

fc^lE^?iTi/^5XV-}-;f7-K2 2'\©7i'-bX"J?S Mffil 20j!M*a^1-7n-^^-M?S§o 7:/y 

5^ (XT>y:/S 4, NO) , Ift^TOMti^JS^fi -5— >3 y 2 U^5©7i'-feXgjRmU 7^'-bX$iJ 
V^O-e, Xxy::^S 5 i;bTXT-h*-h*2 2^x07 2aXf->y:/S 4 1 t 

i^-trXSfjFWLTx-^fC0^&fflL/#5i&^ff5o ;l/^#filLT, ^©77U^-v'3 ^2 1 *^7i^4rXS 

[0 0 3 8] xr^yT's sa^r^'iimmmjt^ ^^<D:^'=?~v^-irZ2pBmmmT^^^if>Eo 

TXV-f-*-F2 2^<D7^'tX(Dm^W70. S 4 1, YES) . SS:S^fE(ii2>gilV^©t?. Xr-y 

^LTXr^yS 7fcLT. ^©XT"h;!j-K2 2-. T'S 4 5 i:LT7:/'J^r-5^a ^2 lti:>tifLT7^'-feX 

-F2 2^©7-?-tX5!l;I^||Tt5, 30 [0 0 4 5] Xx'y /S 4 1 -p. ■?-077'U'^r-y g y 

[0 0 3 9] HSa. 77'U'ir->'3y2 lA^BOSffS 2 lA^f /cl[iE^f#TV''fel/^OSP>(f (XT->y:/S 4 

1 1 ®Bii^.T^t7ci- 1. NO) , mwm^'^75'mm^<D'^\ xr-y?' 

^^-h-^S^c 7yU^r-y3>2 Itl^B. X-7-h S4 2i:LT7/U^->'Hy2 Itc/^XV-FWA^ 

*-F2 2-\©M»f#gjj<*^$§^. SWJ««1 ^g^U X-V^h;f7-F2 2t[:MLTP I NCiSl 

Hi, Xf-yfS 1 1 ttT, ffi«f*S5R$nfcX Ui'^y^^mt^. ^m^. XT-F*-F2 2 

■7-h*-H2 2*\ mmioryvr-i/ayz lie t)^hmmm%^nm. xryfs 45tLT7yv^ 

%}m7^^)'T~^y^yi j:ssmi#*^?ffctiT hm^xmwt (xx-y^s 43. no) , 7<>-bx 

(Xf-'y:^S 11, NO) . ^©XV-h;!7 ' ^fFRr^7yU^^— >3 > 2 1 tEijtlfLTatlLTjSia^ 
-K2 2%SPfiiif#?^aitLTaiiL. gS;£fTt5fc7 40 ^7tSo 

:/U'>-->'3>2 2tgPffaill^3i?aLTjM^*l7t [0 0 4 6] SI 2{i. *||ffl}^^t<:S*ftSXT-h* 

-F^S^-rsi/XrAOtfie^^tST'Z&So *IISS 

[0 0 4 0] SfcXxyT's iiT?ffi©7:''U'^-5/3 jg®T07:/y -^--s^a ^4 1 ilXV- F*- F 4 2 h 

yz 1 ^)^-#ffilt#^S^l?S§'S:Btf (Xx^yys 1 U ©F^%'iat57^irXWayXxA4 0t±. X^-h 

YES) . XT>y:/S 1 2^lbTC®ffWf5SSSf :?J-F';-^^'4 3t^7yU^r-y3y4 l^^-l'/^ 

[0 0 4 1] S9(J. 7y';^r-5/3y2 U^S^SPffi fiO s tt^s?n§jgT?^^n5c 
©»!tl^£j!^t§IMMiJMSi 1 ©ffia^S^-r7n [0 0 4 7] 7:/U'5r— >3 >4 1 fi. XT-h*-F 

-^^-FT?j6^o 73/,jy^,>3y2 l;{|^5X-7-F 4 2tC)ttr5g|Effla^7^'-feXM^. ^Ti:07^' 
A-F2 2-.^DSf{tt!©Plta5sa*St^St^ Sffl!lW« so ■feXWa^/XTi.4 0^:f^LTffV\ 7^'-bX»yX 
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S5^X-ri:x4 0a. XV-hA-K'J-^"4 3©mife 

h-*- H 4 2 ^^fejs^ns ii, ^iiE*e^sar-'/;v 

[0 0 4 8] 7^'-bXta->'XrA4 0a. m 

mmmmmi i tj^'-txaMsi z^su^Kif 

3 ym^T^^£^mm^(Dr\ 0 s ©^-^^/i/i^t 
:o 0 4 9] 01 3t±. »jsm^tfcnts±iHxv- 

h * - F ©7 i' -fexga^ n y k° ^ - i?"^ A £ i 

O^ltCPUSl, ROM. RAMtri^Ele'iggS 
2, ?i|flE'iSa5 3. x-i-X^W, *-#-F^© 20 
Xfti^lSS(I/0) 5 4. LANWAN, -IS0« 

-/s fcoRfae^^iEft 5 7 ft^ 5Eiirt^^f^^^tti-rii 

^^^ItttaSS 6Stf lBS^|gC©V^XV-h;^;-K5 
9^IISLTI/^§XV-FA-KU-^f5 8^tU C 

[0 0 5 0] sfc0 1 2mwmy7.TkT^ii. m- 

U) rVXi?. CD-ROM. MO^©s2®5SI*5 7 ft 
aEIB'iSS 5 2 1 /c^i/^- FrV X 5 5 (r^f y n- 

Ft^o ^L-df-wmwi^ii^mmit. cpusi 
[0 0 5 1] ^/£. ii(^)iffB5aassm. 7P'yt- 

T-f Xi'^cDt^Kfi^S 7 W^T77';'^— ^a^v 
7F©^;6'!ffbn5^^a&5„ i^T. ^Wm>t. 
XV-hA-F©7^'-feXWiI->XxA^«'t:&?Stl® 40 

[0 0 5 2] ^©1^. mm%w\ tfi. ««j^tf0 1 

4tC3^?n5J;9{t, CD-ROM. 7n'ytf—rVX 
^ ($5(/-'(iM0. DVD. Ui^-/^7;V/^-F■r-fX 

^Bl»teS^I^7 6-^. *-yF7-^^[51^7 3S*T'g 



#P?S2 0 0 2- 1 5 7 5 5 4 
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'^-X^) 7 2. fe5t/Hi'i»afiS7 1 ©*#7 4 
rt©^t'J CRAMXtiM-FxVX^'^) 7 5^^1^-g- 

snso Rr«fHg^i#^7 e^ias^g (x~^r-<-x 

^) 7 2tiafi^nTl^S7n^'"^Afi. *#:7 4l^® 
(RAMXti/^-Ff-<X^§) 7 5tn-F* 

nr. mf^nsc 

[0 0 5 3] (#iBl) iti[©77°';^r-v'3yti:ct 
F*- K'\iD7^-feX;&^t5Xv- F:^f- 
F07^;^-f:X*Kii^Xxi.-i?feoT. 77'U'^-J^3:^ 
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